As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories
Category: Dynamic Threat Feeds
Best Practices to Configure BIG-IP LTM Systems to Encrypt HTTP Persistence Cookies
CISA has observed cyber threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to enumerate other non-internet facing devices on the network. F5 BIG-IP is a suite of hardware and software
GPTHoney: A new class of honeypot [Guest Diary], (Thu, Oct 10th)
[This is a Guest Diary by Christopher Schroeder, an ISC intern as part of the SANS.edu BACS program] Introduction: Honeypots are a useful tool for researchers and defenders and the technology behind them has long been
ISC Stormcast For Thursday, October 10th, 2024 https://isc.sans.edu/podcastdetail/9174, (Thu, Oct 10th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-23113 Fortinet Multiple Products Format String Vulnerability; CVE-2024-9379 Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability; CVE-2024-9380 Ivanti Cloud Services Appliance (CSA)
Outmaneuvering Rhysida: How Advanced Threat Intelligence Shields Critical Infrastructure from Ransomware
Summary: Rhysida ransomware, first active in early 2023, employs multi-tiered infrastructure and CleanUpLoader for post-exploitation activities. Using Recorded Future's Network Intelligence, Insikt Group identified Rhysida victims an average of 30 days before they appeared on public extortion sites,
Play Offense with Powerful Enhancements to Ransomware Detection in Recorded Future Threat Intelligence
$1.1 billion dollars. That's how much ransomware victims paid hackers to unlock their data in 2023. And while $1.1 billion is a staggering sum, it represents only the amount of money that companies and individuals have publicly
From Perfctl to InfoStealer, (Wed, Oct 9th)
A few days ago, a new stealthy malware targeting Linux hosts made a lot of noise: perfctl[1]. The malware has been pretty well analyzed and I won’t repeat what has been already disclosed. I found a
ISC Stormcast For Wednesday, October 9th, 2024 https://isc.sans.edu/podcastdetail/9172, (Wed, Oct 9th)
Adobe Releases Security Updates for Multiple Products
Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the